To operate legally as an organisation, you have to conform to an array of legislation, regulations, and mandatory and voluntary standards. The regulations can come from a wide variety of places: for example, your national government, the European Union, organisations such as the World Trade Organization, trade agreements (e.g. NAFTA) or foreign government legislation. Adhering to these is what we mean by compliance.
There are direct financial and legal reasons for having a compliance programme. When handing out the largest ever fine (£20m) for a breach of environmental standards the judge in the case cited the organisation’s ‘history of non-compliance’. A chief executive of a financial organisation was fined almost £1m for being non-compliant with regulations in relation to whistleblowing.
General Data Protection Regulation (GDPR)
Compliance areas like money laundering, modern slavery and whistleblowing could seem abstract to some organisations. Many managers would be forgiven for saying ‘We aren’t a financial organisation so maybe compliance isn’t for us.’ However, the introduction of GDPR meant that organisations can’t ignore their compliance obligations, no matter their size or scope. With the threat of fines up to €20 million, or 4% of their annual revenue, organisations across all industries and sectors moved quickly to ensure their operations were and remain compliant with the new guidelines.
There is another major reason to be compliant
The quality of your service or product is, of course, the key to success. However, most business leaders will point to brand name and reputation as the second most important factor in the success of an organisation. Indeed, being compliant helps to protect against unnecessary damage to your brand name. If your organisation loses important customer data on the street, your reputation and credibility can suffer, so when it comes to deciding between your organisation and a competitor that has never lost data, your prospect will probably go for the safest option. This can have an incalculable negative impact on your profit margins and reputation, which could potentially have been avoided with proper IT security policy and effective training.
From 2008 to 2017 there was a £40 billion growth in the ethical goods* market. This growth is the result of the spending power of millennials, Generation Y and Generation Z becoming a bigger factor in the market. These demographics care more about the ethics behind the goods and services they use than previous generations of consumers. They care that your organisation is compliant with modern slavery legislation, they care about environmental standards and they care that their data is secure. They care about this as consumers and also as employees.
Note: Ethical goods are goods which were ethically made or do not harm the environment and society. Organic, free-range food and fairtrade products are examples.
The United Kingdom enacted its Modern Slavery Act in 2015. One of the principles behind this legislation is that reputation matters to organisations and business ethics matter to consumers. The legislation requires certain organisations to publish annual statements on their efforts to combat modern slavery. The Secretary of State can force compliance through the High Court. However, the government expects stakeholders (e.g. consumers or shareholders) to hold companies to account.
_________________________________________________________________________________________________________
How do you implement a compliance programme?
Implementing a compliance programme is a large project. A good compliance programme will look something like this:
1) Knowing the scope is the first step and also an ongoing step. You need to know about all the regulations that govern your industry. You also need to list the internal compliance requirements.
2) Gather information from inside and outside your organisation. Leverage the knowledge of board members, managers, and employees. There is likely to be a wealth of information here. Research industry developments, analyse how your competitors implement compliance programmes and perhaps consult with relevant professionals.
3) Set down the goals that you need to work towards.
4) A risk assessment will help you prioritise. You will not only identify risks but will also be able to analyse the probability and potential damage of each risk. This means you can appropriately focus your efforts.
5) Align your policies, procedures and processes. They need to work together to have a meaningful impact.
6) Is everything understood? Stakeholders need to know their roles. Does a policy assign responsibility to someone specific? They need to know this. Does a policy create a new process? The relevant parties need to know. Communicate with anyone with responsibilities and encourage feedback.
7) Is there buy-in? It is easy to have policies. In fact, there are some freely available on the internet that are ready to go! However, the organisation needs to be ready and willing to embrace them. You might want to gauge buy-in with surveys or reviews.
8) Ongoing assessment, e.g. reviews, audits, monitoring and continuing oversight, is needed. Once things are in place, you need to make sure everything operates effectively. Ongoing monitoring also helps to find gaps not previously considered in the risk assessment.
9) Employees, managers and executives will need targeted, periodic and recurrent training.
10) You should define your key performance indicators and any other quantifiable outcomes of your compliance programme. Gather the relevant information and share it with all the relevant stakeholders. You need to measure your success and your failures!
_________________________________________________________________________________________________________
What do you have to comply with?
The regulatory and compliance landscape facing organisations is constantly changing and expanding. PwC remarked that regulation and compliance legislation is a ‘growth industry’. The annual Cost of Compliance Survey released by Thomson Reuters analysed, on average, 216 regulatory updates a day in 2018 (up from 201 in 2017).
The specifics of what your organisation needs to comply with depend on your organisation. There are broad topics that apply to all organisations, for example, health and safety, fraud prevention, equality and diversity, and GDPR.
There are industry-specific compliance issues. For example, companies in the food industry have numerous standards they have to adhere to. Certain types of financial organisations have specific and strict rules to follow in relation to money laundering. The majority of public organisations (e.g. state-owned) have to follow guidelines in relation to the Freedom of Information Act.
Does your organisation operate in multiple countries and across different regions? This could heighten your responsibilities in terms of anti-bribery laws and anti-modern slavery laws. Your organisation might also have to consider the subtleties of country-specific legislation.
The two pillars of compliance
It doesn’t matter what industry you are in. It doesn’t matter whether your organisation is big or small, or even whether it is publicly or privately owned. There are two pillars on which a compliance programme rests:
- Policies
- Training
These pillars work in tandem. When these pillars are absent or poorly implemented, the results can be disastrous. In a worst-case scenario, such as a violation by an employee, you will want to show that they have read the policy and completed their training.
_________________________________________________________________________________________________________
Why are policies so important?
Policies are important as they:
- Outline to employees what is expected of them in terms of their behaviour, ethics, and performance standards.
- Enable an organisation to have clear and consistent responses across different departments of the company
- Demonstrate to regulators that the organisation is serious about being compliant with all relevant standards
- Are necessary to be compliant with certain legislation
Policies set the tone for an organisation and have an important impact on an organisation’s internal culture. This was demonstrated starkly in 2018 with the collapse of the facilities management and construction company Carillion. The collapse was a result of ‘rotten corporate culture’, ‘incredibly poor standards’, ‘conflicts of interest’ and ‘basic failings of governance’.
_________________________________________________________________________________________________________
Why is compliance training so important?
Your organisation could invest time researching the regulatory framework in which it operates. It could hire internal or external compliance experts and consultants. It could put in place technology, procedures and equipment to ensure compliance. The compliance team or management could write policies and email them to staff to finalise the compliance project.
This will all be undone if employees do not understand the policies and procedures. All it would take is one accident or one misunderstanding by a staff member to expose the whole organisation. Training is the thread that holds compliance together. Employees do not need to know the minutiae of the regulation – just the basics, how it affects their role and why it matters.
PwC Denmark commissioned a report called ‘Getting ahead of the watchdogs: Real-time compliance management 2018 State of Compliance’. The report ranks organisations into categories of Leaders (i.e. those with the best compliance programmes), Fast Followers (second-best) and finally Strivers. The report states:
‘Compliance training and communications are more comprehensive and up-to-date at Leaders than at Fast Followers and Strivers. Leaders also are more often using multiple sources of information to inform and target their training and think creatively about new ways to digitally engage employees in training activities. All of those actions positively affect their organisations’ overall risk profiles. Employees are familiar with the risks and behaviors that are permissible and those that are impermissible, and they’re therefore less likely to do things that would place the organisations at higher risk.’
_________________________________________________________________________________________________________
How do you choose compliance training that’s right for your organisation?
The compliance training topics your organisation needs should become apparent during the risk assessment and research stage. For example, a financial organisation might need policies, procedures and therefore training on the fair treatment of customers. However, how you choose to deliver the training might be less clear.
Increasingly, companies are turning to eLearning to provide training for their employees. Some companies use only eLearning content and others use a blend of instructor-led training and eLearning. The eLearning market has grown year on year since 2009.
But what’s the reason behind it?
One study found that for every dollar spent on eLearning there was a $30 return on productivity. eLearning is cheaper, takes less time to complete, requires no travelling to and from a classroom, and some research indicates it might improve knowledge retention over classroom study.
The case for eLearning
In the 1990s IBM made a conscious effort to reorganise and modernise the organisation. They had employees spread across the world, high staff turnover and challenges to their revenue. Their cumbersome internal training systems were one aspect of the business they tried to improve. One pillar of the solution was eLearning. They credit eLearning with annual savings of $350M and with a more loyal, more flexible and more productive workforce.
(source)
Content is king
To get the most out of your eLearning and maximise compliance, choose a well-constructed course with clear, accurate and engaging content. One term to keep in mind while looking is active learning.
Active learning is a teaching methodology that is used at all levels of education, from the early years up to third level and adult education. Active learning might have been a part of your own education. Group discussion, debates, brainstorming activities and different types of educational games are common examples of active learning in a classroom setting. The opposite is known as passive learning. An example of this would be a student listening to a lecture.
The goal of active learning is to engage the learner in the process of knowledge construction. Through active learning, learners internalise what they have learned and increase their ability to recall (i.e. use knowledge) when called upon. This is crucial to help employees act in a compliant manner during the hustle and bustle of the average (or not so average) workday!
Examples of active learning strategies
Pre-testing: You learn from your mistakes. It is common knowledge. You make a mistake with a recipe, you figure out what went wrong and resolve to improve the next time. This translates to formal learning as well. Research into the educational value of pre-testing (test questions being asked before learners read content) concluded:
‘Even if tests are not answered successfully, they have the potential to improve future learning, as measured by both immediate and delayed performance measures. This finding suggests that using tests as learning events in educational settings could have lasting benefits for learners’ content acquisition, and that tests should be considered a potent learning opportunity, rather than simply as an assessment measure.’
eLearning is a good environment for this type of pre-testing. The environment is risk-free. Any fear of public embarrassment (i.e. fear of being wrong publicly) is not present. Ungraded pre-test questions in an eLearning course allow learners to make and learn from their mistakes without these risks.
Case studies: In educational theory, case studies are stories or narratives with information written to invite analysis by learners. They will include a description of a problem and provide some important data (e.g. stats, quotes, images). In many cases, some data will be purposely left out. Learners are put in the position of making decisions or evaluations based on the information available. Connecting theoretical information with real-life (or lifelike) case studies engages learners in many ways. Depending on the specifics of the case study, they develop problem-solving, analytical and decision-making abilities.
Interactivity: Multiple choice, drag and drop, true or false and hotspots. The nuts and bolts of a traditional eLearning course. A good eLearning course will combine high-quality information screens with a quiz section. A sprinkling of traditional eLearning quizzes helps keep the learner actively engaged. They force the learner to think about and process the content. Importantly, it does not allow them to passively click the next button over and over! Avoid courses without the nuts and bolts.
Branching: eLearning branching scenarios are similar to choose your own adventure books or a recent Netflix special. They build on case studies but allow learners to see the consequence of an incorrect action. There is strong evidence in the academic literature of the educational benefits of branching scenarios. For example, a study of the use of such scenarios in third-level engineering courses concluded:
‘A well-designed scenario both intellectually and emotionally engages the learner, increasing motivation, knowledge acquisition, and most importantly the ability to synthesize and apply knowledge with prudence. Good scenarios also ensure that learners can practice in a safe, yet lifelike environment, and can be comfortable experimenting with different approaches.’ (source)
‘Synthesize and apply knowledge with prudence’ is an important outcome for compliance training. Many compliance topics have grey areas. They can require employees to make judgement calls or to apply existing knowledge in an unfamiliar context or scenario. Being free to make mistakes and being allowed to explore the ramifications of the mistake gives the learner a thorough, well-rounded understanding of the subject.
_________________________________________________________________________________________________________
Conclusion
To operate legally as an organisation you need to be compliant with a vast array of legislation and regulation. Depending on the age of your organisation you might be building a compliance programme from the ground up or maintaining or expanding an existing programme. In either scenario you will need:
- Policies that establish procedures, processes and company ethics. You need a mechanism to ensure they are read and understood by individual employees.
- Training that teaches employees how to work in a compliant manner. Many leading and forward-thinking organisations use eLearning as part of their compliance training programmes.
- Active learning is an important learning methodology to look for when comparing eLearning suppliers.
_________________________________________________________________________________________________________
References
(1) Business Anti-Corruption – Compliance Program Success Guide
(2) Corporate Compliance Insights – Effective Corporate Compliance Programs
(3) Thomson Reuters – Corporate Compliance and Ethics Toolkit
(4) Deloitte – Corporate Regulatory and Ethical Compliance
(5) Bryan Cave Leighton Paisner – Implementing Strong Corporate Compliance Programs
(6) State of Compliance Study – Real-Time Compliance Management
(7) Modern Slavery Act: An Emerging Picture of Non-Compliance
(8) Reducing the Risk of Policy Failure – Challenges for Regulatory Compliance (2018)
Disclaimer: This article is purely for informational purposes and does not constitute legal advice. For more information on business protection and compliance in the UK, visit www.gov.uk.